[SAP BYD - HELP] CSRF token validation failed

former_member865140 · ‎07-05-2023

Hi Expert,

I have a problem below when I Patch to oData.

The first time, I Get oData with HeaderParam. It returns status 200.
Then I got HeaderParam "x-csrf-token" with the value which I GET it in the result and I Patch the Odata. It returns status 403 Forbidden.
I got an error "CSRF token validation failed" when I Patch It, I have tested it before in Postman it was successful.
I have tried many times like adding Cookies and changing the method Patch,... but it's not successful.

All my code I wrote in one script file, and I call GET, PATCH Odata at the same time.
P/s: So how can I fix it? I hope my question can be slove.
Thanks and Best Regards

kursatbeyoglu · ‎08-01-2023

Hi hoangtridung2405.

I faced same problem. Actually, there are two issues, both 'POST' and 'PATCH' method and i was able to solve for POST Method. (not PATCH Method, i m still looking for solution. You can use this code, probably you problem will be solved.

By the way, i was able to reach to solve by using 'cookies'. I hope it work.

Best Regards.

...
httpMethod	 = "GET";
contentType	 = "application/json";
httpResource     = "...";
body		 = "";
getToken	 = "";

headerParamater.Clear();
headerParamaterEntry.Clear();

headerParamaterEntry.Name = "x-csrf-token";
headerParamaterEntry.Value = "fetch";
headerParamater.Add(headerParamaterEntry);

var resultGETToken = WebServiceUtilities.ExecuteRESTService(scenarioName, serviceName, httpMethod, httpResource, urlParamater, headerParamater, contentType, body);
if(resultGETToken.Code.Contains("200"))
{
	var getToken = "";
	var cookie	: cookies;
	var cookieTable	: collectionof cookies;
	
        var getHeadersParameter = resultGETToken.HeaderParameters.Where(r=>r.Name == "x-csrf-token");

	if(getHeadersParameter.Count() > 0) getToken = getHeadersParameter.GetFirst().Value;
	foreach(var k in resultGETToken.Cookies)
	{
		cookie.HTTP_Name	  = k.HTTP_Name;
		cookie.HTTP_Value	  = k.HTTP_Value;
		cookie.Domain_Name	  = k.Domain_Name;
		cookie.HTTP_Path_Name 	  = k.HTTP_Path_Name;
		cookie.HTTP_Secure_Cookie = k.HTTP_Secure_Cookie;
		cookie.HTTP_Expiry_Date	  = k.HTTP_Expiry_Date;
		cookieTable.Add(cookie);
	}

	if(getToken.IsInitial() == false)
	{
		patchServNow = true;
		postServNow = false;
		if(postServNow == true)
		{
			body.Clear(); // you can write your body template
			headerParamater.Clear();
			headerParamaterEntry.Clear();

			httpResource = "...";
			httpMethod   = "POST";

			headerParamaterEntry.Name = "x-csrf-token";
			headerParamaterEntry.Value = getToken;
			headerParamater.Add(headerParamaterEntry);

			headerParamaterEntry.Name = "Connection";
			headerParamaterEntry.Value = "keep-alive";
			headerParamater.Add(headerParamaterEntry);

			headerParamaterEntry.Name = "Content-Type";
			headerParamaterEntry.Value = "application/json";
			headerParamater.Add(headerParamaterEntry);

			headerParamaterEntry.Name = "Accept";
			headerParamaterEntry.Value = "*/*";
			headerParamater.Add(headerParamaterEntry);

			headerParamaterEntry.Name = "Accept-Encoding";
			headerParamaterEntry.Value = "gzip, deflate, br";
			headerParamater.Add(headerParamaterEntry);

			headerParamaterEntry.Name ="X-Requested-With";
			headerParamaterEntry.Value = "X";
			headerParamater.Add(headerParamaterEntry);

			var resultPOSTMethod = WebServiceUtilities.ExecuteRESTService(scenarioName, serviceName, httpMethod, httpResource, urlParamater, headerParamater, contentType, body, cookieTable);
			if(resultPOSTMethod.Code.Contains("201"))
			{
			}
		}
	}
}

[SAP BYD - HELP] CSRF token validation failed

BTP Integration manage content dashboard could not...

Re: Using trial CPI dashboard is not loading

Re: ILM Migration: change ILM WebDav Store Provide...

Re: Sorting in Editable smart table

How to Enable Multiple Selection Mode in a Data Ta...